-REQUIRETLS support
-------------------
-Ref: https://tools.ietf.org/html/draft-ietf-uta-smtp-require-tls-03
-
-If compiled with EXPERIMENTAL_REQUIRETLS support is included for this
-feature, where a REQUIRETLS option is added to the MAIL command.
-The client may not retry in clear if the MAIL+REQUIRETLS fails (or was never
-offered), and the server accepts an obligation that any onward transmission
-by SMTP of the messages accepted will also use REQUIRETLS - or generate a
-fail DSN.
-
-The Exim implementation includes
-- a main-part option tls_advertise_requiretls; host list, default "*"
-- an observability variable $requiretls returning yes/no
-- an ACL "control = requiretls" modifier for setting the requirement
-- Log lines and Received: headers capitalise the S in the protocol
- element: "P=esmtpS"
-
-Differences from spec:
-- we support upgrading the requirement for REQUIRETLS, including adding
- it from cold, within an MTA. The spec only define the sourcing MUA
- as being able to source the requirement, and makes no mention of upgrade.
-- No support is coded for the RequireTLS header (which can be used
- to annul DANE and/or STS policiy). [this can _almost_ be done in
- transport option expansions, but not quite: it requires tha DANE-present
- but STARTTLS-failing targets fallback to cleartext, which current DANE
- coding specifically blocks]
-
-Note that REQUIRETLS is only advertised once a TLS connection is achieved
-(in contrast to STARTTLS). If you want to check the advertising, do something
-like "swaks -s 127.0.0.1 -tls -q HELO".
-
-
-
-
Early pipelining support
------------------------
Ref: https://datatracker.ietf.org/doc/draft-harris-early-pipe/
TLS1.2-client-hello ->
<- TLS-server-hello,cert,hello-done
client-Kex,change-cipher,finished ->
- <- change-cipher,finshed
+ <- change-cipher,finished
EHLO,MAIL,RCPT,DATA ->
<- EHLO-resp,MAIL-ack,RCPT-ack,DATA-goahead
git://git.exim.org / exim.git / blobdiff